[4.2.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows.

Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Backport of c880530ddd4fabd5939bab0e148bebe36699432a from main.
author: Jacob Walls <jacobtylerwalls@gmail.com> 2025-10-16 16:28:33 -0400
committer: Natalia <124304+nessita@users.noreply.github.com> 2025-11-05 09:52:56 -0300
commit: 770eea38d7a0e9ba9455140b5a9a9e33618226a7 (patch)
tree: ad731e4465db6a4ee3f88c609612ce0aa473ea9a /tests/httpwrappers
parent: 80976bd89e9e1fdfb98c4d902ca4dc59bd3d1d46 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/httpwrappers/tests.py b/tests/httpwrappers/tests.py
index fa2c8fd5d2..b20d9a1ca1 100644
--- a/tests/httpwrappers/tests.py
+++ b/tests/httpwrappers/tests.py
@@ -24,6 +24,7 @@ from django.http import (
 )
 from django.test import SimpleTestCase
 from django.utils.functional import lazystr
+from django.utils.http import MAX_URL_LENGTH
 
 
 class QueryDictTests(SimpleTestCase):
@@ -490,6 +491,7 @@ class HttpResponseTests(SimpleTestCase):
             'data:text/html,<script>window.alert("xss")</script>',
             "mailto:test@example.com",
             "file:///etc/passwd",
+            "é" * (MAX_URL_LENGTH + 1),
         ]
         for url in bad_urls:
             with self.assertRaises(DisallowedRedirect):
author	Jacob Walls <jacobtylerwalls@gmail.com>	2025-10-16 16:28:33 -0400
committer	Natalia <124304+nessita@users.noreply.github.com>	2025-11-05 09:52:56 -0300
commit	770eea38d7a0e9ba9455140b5a9a9e33618226a7 (patch)
tree	ad731e4465db6a4ee3f88c609612ce0aa473ea9a /tests/httpwrappers
parent	80976bd89e9e1fdfb98c4d902ca4dc59bd3d1d46 (diff)